Complaint Alleges LifeLock Violated 2010 FTC Settlement By Continuing To Make False Claims

Screen Shot 2015-07-21 at 3.24.49 PMBack in 2010, identity theft protection company LifeLock entered into an $11 million settlement with federal regulators and several states regarding its use of allegedly false claims regarding the effectiveness of its services. According to those same regulators, the company has violated that agreement by continuing to make claims that fail the truth test. 

The Federal Trade Commission announced today that it has taken action against LifeLock for violations of its settlement with the agency and 35 state attorneys general, but declined to provide specifics on what penalties the company could face, aside from asking a court to impose an order requiring full redress to all customers affected by the violations.

According to the FTC complaint [PDF] filed in U.S. District Court in Arizona, from at least October 2012 until March 2014, LifeLock failed live up to is obligations under the 2010 settlement.

Under the previous deal, LifeLock was barred from making deceptive claims about services and was required to take more stringent measures to safeguard the personal information it collects from customers. The company also agreed to provide $11 million in refunds to customers.

At the time of the agreement, Illinois Attorney General Lisa Madigan said that LifeLock had essentially promised not to misrepresent that its services offer “absolute protection against identity theft because there is, unfortunately, no foolproof way to avoid ID theft.”

The FTC alleges the company broke that promise by continuing to make claims that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions.

The Commission assets that from January 2012 through December 2014, LifeLock falsely claimed it protected consumers’ identity 24/7/365 by providing alerts “as soon as” it received any indication there was a problem.

Additionally, the complaint states that LifeLock violated its previous order by failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, social security, and bank account numbers.

As for LifeLock, the company says that after 18 months of working with the FTC, it became evident the two parties could not reach an agreement over the issues outside of a court of law.

“We disagree with the substance of the FTC’s contentions and are prepared to take our case to court,” the company said in a statement. “LifeLock takes the accuracy of our advertising materials very seriously. The alerting claims raised by the FTC did not result in any known identity theft for LifeLock members.”

FTC Takes Action Against LifeLock for Alleged Violations of 2010 Order [Federal Trade Commission]